Common use of IT Security Plan Clause in Contracts

IT Security Plan. The Contractor shall develop, provide, implement, and maintain an IT Security Plan. This plan shall describe the processes and procedures that will be fol- lowed to ensure appropriate security of IT resources that are developed, processed, or used under this contract. The plan shall de- scribe those parts of the contract to which this clause applies. The Contractors IT Secu- rity Plan shall comply with applicable Fed- eral laws that include, but are not limited to, 40 U.S.C. 11331, the Federal Information Security Management Act (FISMA) of 2002, and the E-Government Act of 2002. The plan shall meet IT security requirements in ac- cordance with Federal and GSA policies and procedures. GSA’s Office of the Chief Infor- mation Officer issued ‘‘CIO IT Security Pro- cedural Guide 09–48, Security Language for Information Technology Acquisitions Ef- forts,’’ to provide IT security standards, poli- cies and reporting requirements. This docu- ment is incorporated by reference in all so- licitations and contracts or task orders where an information system is contractor owned and operated on behalf of the Federal Government. The guide can be accessed at http:// .▇▇▇.▇▇▇/▇▇▇▇▇▇/▇▇▇▇▇▇▇▇/▇▇▇▇▇. Spe- cific security requirements not specified in ‘‘CIO IT Security Procedural Guide 09–48, Se- curity Language for Information Technology Acquisitions Efforts’’ shall be provided by the requiring activity.